phpMyFAQ < 1.6.10 Multiple Script Arbitrary File Upload

Medium severity. Nessus Plugin ID 24672

Synopsis

The remote web server contains a PHP application that is affected by privilege escalation issues.

Description

The installation of phpMyFAQ on the remote host allows an attacker to bypass authentication or escalate privileges via the 'admin/attachment.php' and 'admin/editor/plugins/ImageManager/images.php' scripts. By leveraging these issues, a remote attacker can upload files, possibly containing arbitrary code, subject to the privileges of the web server user ID.

Note that successful exploitation of these issues requires PHP's 'register_globals' setting to be enabled.

Solution

Upgrade to phpMyFAQ 1.6.10 or later.

See Also

http://www.phpmyfaq.de/advisory_2007-02-18.php

Plugin Details

Severity: Medium

ID: 24672

File Name: phpmyfaq_1_610.nasl

Version: 1.16

Type: remote

Family: CGI abuses

Published: 2/20/2007

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:phpmyfaq:phpmyfaq

Required KB Items: www/phpmyfaq

Excluded KB Items: Settings/disable_cgi_scanning

Vulnerability Publication Date: 2/18/2007

Reference Information

CVE: CVE-2007-1032